Cant login to PC joined Domain with New User profile

One to authenticate the wired users whom dont have 802.1x enabled on their devices.

and one to authenticate users whom have 802.1x enabled on their devices

The domain member users can authenticate properly as planed.

But I got a problem when a new user want to connect to a domain member device but this user is logging for the first time.

In this case the port will be assigned to the quarantine VLAN because the user didnt pass the healthcheck yet, and since the quarantine VLAN doent have access to domain, then the new user will not be able to login...

I think we have to use what is called machine-authentication here, right?

If yes, then how to configure the machine authentication rule and what is its position?

Re: Cant login to PC joined Domain with New User profile

‎12-19-201606:51 AM

are the authenticated users assigned to "User Athenticated" role

and the autenticated machines assigned to "Machine Authenticated" role by default without any role-mapping policies?

But is this case the PC will be assigned to this MachineAuth-VLAN before the user enters the credentials, so what will hapen after the user gets in, is the authentication process will be repeated all over again, so the user will be assigned to a new VLAN based on his authentication?

Re: Cant login to PC joined Domain with New User profile

and the autenticated machines assigned to "Machine Authenticated" role by default without any role-mapping policies?

But is this case the PC will be assigned to this MachineAuth-VLAN before the user enters the credentials, so what will hapen after the user gets in, is the authentication process will be repeated all over again, so the user will be assigned to a new VLAN based on his authentication?

Thanks

Yes, the machine authed device will get the machine authenticated role without any additional role mapping.

When the user logs in this will trigger another 802.1X authentication request.